diff options
| author | realmfoo <konstantin.leboev@gmail.com> | 2011-08-10 10:59:19 +0400 |
|---|---|---|
| committer | realmfoo <konstantin.leboev@gmail.com> | 2011-08-10 10:59:19 +0400 |
| commit | b33e8d2376f20761911faa654d85790d61a29019 (patch) | |
| tree | 91ef528a24e416523bb25859a702d8d859a0e2af /Acl | |
| parent | 111f1e758a0919556c2c2fdd8fd8779303113f30 (diff) | |
| parent | 77b520411cafe3f32f1f52d27dd806ee6110504d (diff) | |
| download | symfony-security-b33e8d2376f20761911faa654d85790d61a29019.zip symfony-security-b33e8d2376f20761911faa654d85790d61a29019.tar.gz symfony-security-b33e8d2376f20761911faa654d85790d61a29019.tar.bz2 | |
merge from master
Diffstat (limited to 'Acl')
41 files changed, 100 insertions, 92 deletions
diff --git a/Acl/Dbal/MutableAclProvider.php b/Acl/Dbal/MutableAclProvider.php index 62667c8..9050cf8 100644 --- a/Acl/Dbal/MutableAclProvider.php +++ b/Acl/Dbal/MutableAclProvider.php @@ -246,6 +246,10 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf } $this->regenerateAncestorRelations($acl); + $childAcls = $this->findAcls($this->findChildren($acl->getObjectIdentity(), false)); + foreach ($childAcls as $childOid) { + $this->regenerateAncestorRelations($childAcls[$childOid]); + } } // this includes only updates of existing ACEs, but neither the creation, nor diff --git a/Acl/Dbal/Schema.php b/Acl/Dbal/Schema.php index 09d60aa..dd8cf08 100644 --- a/Acl/Dbal/Schema.php +++ b/Acl/Dbal/Schema.php @@ -142,4 +142,4 @@ final class Schema extends BaseSchema $table->setPrimaryKey(array('id')); $table->addUniqueIndex(array('identifier', 'username')); } -}
\ No newline at end of file +} diff --git a/Acl/Domain/AclCollectionCache.php b/Acl/Domain/AclCollectionCache.php index 6614724..c4f5fdd 100644 --- a/Acl/Domain/AclCollectionCache.php +++ b/Acl/Domain/AclCollectionCache.php @@ -63,4 +63,4 @@ class AclCollectionCache $this->aclProvider->findAcls($oids, $sids); } -}
\ No newline at end of file +} diff --git a/Acl/Domain/AuditLogger.php b/Acl/Domain/AuditLogger.php index 9f95d06..d6d7d9d 100644 --- a/Acl/Domain/AuditLogger.php +++ b/Acl/Domain/AuditLogger.php @@ -45,9 +45,9 @@ abstract class AuditLogger implements AuditLoggerInterface /** * This method is only called when logging is needed * - * @param Boolean $granted + * @param Boolean $granted * @param EntryInterface $ace * @return void */ abstract protected function doLog($granted, EntryInterface $ace); -}
\ No newline at end of file +} diff --git a/Acl/Domain/DoctrineAclCache.php b/Acl/Domain/DoctrineAclCache.php index 64241e2..21e5149 100644 --- a/Acl/Domain/DoctrineAclCache.php +++ b/Acl/Domain/DoctrineAclCache.php @@ -165,7 +165,7 @@ class DoctrineAclCache implements AclCacheInterface $reflectionProperty->setValue($acl, $this->permissionGrantingStrategy); $reflectionProperty->setAccessible(false); - $aceAclProperty = new \ReflectionProperty('Symfony\Component\Security\Acl\Domain\Entry', 'id'); + $aceAclProperty = new \ReflectionProperty('Symfony\Component\Security\Acl\Domain\Entry', 'acl'); $aceAclProperty->setAccessible(true); foreach ($acl->getObjectAces() as $ace) { diff --git a/Acl/Domain/FieldEntry.php b/Acl/Domain/FieldEntry.php index 5ff6921..4167ba4 100644 --- a/Acl/Domain/FieldEntry.php +++ b/Acl/Domain/FieldEntry.php @@ -72,4 +72,4 @@ class FieldEntry extends Entry implements FieldEntryInterface list($this->field, $parentStr) = unserialize($serialized); parent::unserialize($parentStr); } -}
\ No newline at end of file +} diff --git a/Acl/Domain/ObjectIdentity.php b/Acl/Domain/ObjectIdentity.php index f55f8a5..3bf1fe1 100644 --- a/Acl/Domain/ObjectIdentity.php +++ b/Acl/Domain/ObjectIdentity.php @@ -20,7 +20,7 @@ use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface; * * @author Johannes M. Schmitt <schmittjoh@gmail.com> */ -class ObjectIdentity implements ObjectIdentityInterface +final class ObjectIdentity implements ObjectIdentityInterface { private $identifier; private $type; @@ -52,7 +52,7 @@ class ObjectIdentity implements ObjectIdentityInterface * @throws \InvalidArgumentException * @return ObjectIdentity */ - public static function fromDomainObject($domainObject) + static public function fromDomainObject($domainObject) { if (!is_object($domainObject)) { throw new InvalidDomainObjectException('$domainObject must be an object.'); @@ -107,4 +107,4 @@ class ObjectIdentity implements ObjectIdentityInterface { return sprintf('ObjectIdentity(%s, %s)', $this->identifier, $this->type); } -}
\ No newline at end of file +} diff --git a/Acl/Domain/ObjectIdentityRetrievalStrategy.php b/Acl/Domain/ObjectIdentityRetrievalStrategy.php index 00b5b6b..acd3b2c 100644 --- a/Acl/Domain/ObjectIdentityRetrievalStrategy.php +++ b/Acl/Domain/ObjectIdentityRetrievalStrategy.php @@ -32,4 +32,4 @@ class ObjectIdentityRetrievalStrategy implements ObjectIdentityRetrievalStrategy return null; } } -}
\ No newline at end of file +} diff --git a/Acl/Domain/RoleSecurityIdentity.php b/Acl/Domain/RoleSecurityIdentity.php index d3694e6..51d3d0c 100644 --- a/Acl/Domain/RoleSecurityIdentity.php +++ b/Acl/Domain/RoleSecurityIdentity.php @@ -19,7 +19,7 @@ use Symfony\Component\Security\Core\Role\Role; * * @author Johannes M. Schmitt <schmittjoh@gmail.com> */ -class RoleSecurityIdentity implements SecurityIdentityInterface +final class RoleSecurityIdentity implements SecurityIdentityInterface { private $role; @@ -71,4 +71,4 @@ class RoleSecurityIdentity implements SecurityIdentityInterface { return sprintf('RoleSecurityIdentity(%s)', $this->role); } -}
\ No newline at end of file +} diff --git a/Acl/Domain/SecurityIdentityRetrievalStrategy.php b/Acl/Domain/SecurityIdentityRetrievalStrategy.php index d16a978..d9e118b 100644 --- a/Acl/Domain/SecurityIdentityRetrievalStrategy.php +++ b/Acl/Domain/SecurityIdentityRetrievalStrategy.php @@ -79,4 +79,4 @@ class SecurityIdentityRetrievalStrategy implements SecurityIdentityRetrievalStra return $sids; } -}
\ No newline at end of file +} diff --git a/Acl/Domain/UserSecurityIdentity.php b/Acl/Domain/UserSecurityIdentity.php index ac63080..b6cae4a 100644 --- a/Acl/Domain/UserSecurityIdentity.php +++ b/Acl/Domain/UserSecurityIdentity.php @@ -20,7 +20,7 @@ use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface; * * @author Johannes M. Schmitt <schmittjoh@gmail.com> */ -class UserSecurityIdentity implements SecurityIdentityInterface +final class UserSecurityIdentity implements SecurityIdentityInterface { private $username; private $class; @@ -40,7 +40,7 @@ class UserSecurityIdentity implements SecurityIdentityInterface throw new \InvalidArgumentException('$class must not be empty.'); } - $this->username = $username; + $this->username = (string) $username; $this->class = $class; } @@ -50,7 +50,7 @@ class UserSecurityIdentity implements SecurityIdentityInterface * @param UserInterface $user * @return UserSecurityIdentity */ - public static function fromAccount(UserInterface $user) + static public function fromAccount(UserInterface $user) { return new self($user->getUsername(), get_class($user)); } @@ -61,7 +61,7 @@ class UserSecurityIdentity implements SecurityIdentityInterface * @param TokenInterface $token * @return UserSecurityIdentity */ - public static function fromToken(TokenInterface $token) + static public function fromToken(TokenInterface $token) { $user = $token->getUser(); @@ -116,4 +116,4 @@ class UserSecurityIdentity implements SecurityIdentityInterface { return sprintf('UserSecurityIdentity(%s, %s)', $this->username, $this->class); } -}
\ No newline at end of file +} diff --git a/Acl/Exception/AclAlreadyExistsException.php b/Acl/Exception/AclAlreadyExistsException.php index 18658b7..512da7f 100644 --- a/Acl/Exception/AclAlreadyExistsException.php +++ b/Acl/Exception/AclAlreadyExistsException.php @@ -19,4 +19,4 @@ namespace Symfony\Component\Security\Acl\Exception; */ class AclAlreadyExistsException extends Exception { -}
\ No newline at end of file +} diff --git a/Acl/Exception/AclNotFoundException.php b/Acl/Exception/AclNotFoundException.php index 8de1ea5..bd66c00 100644 --- a/Acl/Exception/AclNotFoundException.php +++ b/Acl/Exception/AclNotFoundException.php @@ -19,4 +19,4 @@ namespace Symfony\Component\Security\Acl\Exception; */ class AclNotFoundException extends Exception { -}
\ No newline at end of file +} diff --git a/Acl/Exception/ConcurrentModificationException.php b/Acl/Exception/ConcurrentModificationException.php index 34d2775..a527d9c 100644 --- a/Acl/Exception/ConcurrentModificationException.php +++ b/Acl/Exception/ConcurrentModificationException.php @@ -19,4 +19,4 @@ namespace Symfony\Component\Security\Acl\Exception; */ class ConcurrentModificationException extends Exception { -}
\ No newline at end of file +} diff --git a/Acl/Exception/Exception.php b/Acl/Exception/Exception.php index f99cb05..d381c57 100644 --- a/Acl/Exception/Exception.php +++ b/Acl/Exception/Exception.php @@ -18,4 +18,4 @@ namespace Symfony\Component\Security\Acl\Exception; */ class Exception extends \Exception { -}
\ No newline at end of file +} diff --git a/Acl/Exception/InvalidDomainObjectException.php b/Acl/Exception/InvalidDomainObjectException.php index 20e91b5..fc1a646 100644 --- a/Acl/Exception/InvalidDomainObjectException.php +++ b/Acl/Exception/InvalidDomainObjectException.php @@ -19,4 +19,4 @@ namespace Symfony\Component\Security\Acl\Exception; */ class InvalidDomainObjectException extends Exception { -}
\ No newline at end of file +} diff --git a/Acl/Exception/NoAceFoundException.php b/Acl/Exception/NoAceFoundException.php index 994efc0..4d194d9 100644 --- a/Acl/Exception/NoAceFoundException.php +++ b/Acl/Exception/NoAceFoundException.php @@ -23,4 +23,4 @@ class NoAceFoundException extends Exception { parent::__construct('No applicable ACE was found.'); } -}
\ No newline at end of file +} diff --git a/Acl/Exception/NotAllAclsFoundException.php b/Acl/Exception/NotAllAclsFoundException.php index 820d933..8e7a08f 100644 --- a/Acl/Exception/NotAllAclsFoundException.php +++ b/Acl/Exception/NotAllAclsFoundException.php @@ -44,4 +44,4 @@ class NotAllAclsFoundException extends AclNotFoundException { return $this->partialResult; } -}
\ No newline at end of file +} diff --git a/Acl/Exception/SidNotLoadedException.php b/Acl/Exception/SidNotLoadedException.php index 0353f92..cb8c4cc 100644 --- a/Acl/Exception/SidNotLoadedException.php +++ b/Acl/Exception/SidNotLoadedException.php @@ -19,4 +19,4 @@ namespace Symfony\Component\Security\Acl\Exception; */ class SidNotLoadedException extends Exception { -}
\ No newline at end of file +} diff --git a/Acl/Model/AclCacheInterface.php b/Acl/Model/AclCacheInterface.php index 30be707..bc6c11f 100644 --- a/Acl/Model/AclCacheInterface.php +++ b/Acl/Model/AclCacheInterface.php @@ -66,4 +66,4 @@ interface AclCacheInterface * @return void */ function clearCache(); -}
\ No newline at end of file +} diff --git a/Acl/Model/AclInterface.php b/Acl/Model/AclInterface.php index e8119fe..9094560 100644 --- a/Acl/Model/AclInterface.php +++ b/Acl/Model/AclInterface.php @@ -103,4 +103,4 @@ interface AclInterface extends \Serializable * @return Boolean */ function isSidLoaded($securityIdentities); -}
\ No newline at end of file +} diff --git a/Acl/Model/AclProviderInterface.php b/Acl/Model/AclProviderInterface.php index 9d1075d..12f55e0 100644 --- a/Acl/Model/AclProviderInterface.php +++ b/Acl/Model/AclProviderInterface.php @@ -46,4 +46,4 @@ interface AclProviderInterface * @return \SplObjectStorage mapping the passed object identities to ACLs */ function findAcls(array $oids, array $sids = array()); -}
\ No newline at end of file +} diff --git a/Acl/Model/AuditLoggerInterface.php b/Acl/Model/AuditLoggerInterface.php index a2afd41..dceb76b 100644 --- a/Acl/Model/AuditLoggerInterface.php +++ b/Acl/Model/AuditLoggerInterface.php @@ -27,4 +27,4 @@ interface AuditLoggerInterface * @return void */ function logIfNeeded($granted, EntryInterface $ace); -}
\ No newline at end of file +} diff --git a/Acl/Model/AuditableAclInterface.php b/Acl/Model/AuditableAclInterface.php index 953cf0d..2a6d619 100644 --- a/Acl/Model/AuditableAclInterface.php +++ b/Acl/Model/AuditableAclInterface.php @@ -60,4 +60,4 @@ interface AuditableAclInterface extends MutableAclInterface * @return void */ function updateObjectFieldAuditing($index, $field, $auditSuccess, $auditFailure); -}
\ No newline at end of file +} diff --git a/Acl/Model/AuditableEntryInterface.php b/Acl/Model/AuditableEntryInterface.php index e79e309..40c4484 100644 --- a/Acl/Model/AuditableEntryInterface.php +++ b/Acl/Model/AuditableEntryInterface.php @@ -31,4 +31,4 @@ interface AuditableEntryInterface extends EntryInterface * @return Boolean */ function isAuditSuccess(); -}
\ No newline at end of file +} diff --git a/Acl/Model/DomainObjectInterface.php b/Acl/Model/DomainObjectInterface.php index fb89858..50bc4c3 100644 --- a/Acl/Model/DomainObjectInterface.php +++ b/Acl/Model/DomainObjectInterface.php @@ -26,4 +26,4 @@ interface DomainObjectInterface * @return string */ function getObjectIdentifier(); -}
\ No newline at end of file +} diff --git a/Acl/Model/EntryInterface.php b/Acl/Model/EntryInterface.php index 8de4ff3..6fe0dc8 100644 --- a/Acl/Model/EntryInterface.php +++ b/Acl/Model/EntryInterface.php @@ -62,4 +62,4 @@ interface EntryInterface extends \Serializable * @return Boolean */ function isGranting(); -}
\ No newline at end of file +} diff --git a/Acl/Model/FieldEntryInterface.php b/Acl/Model/FieldEntryInterface.php index 68aa10c..a35ddb4 100644 --- a/Acl/Model/FieldEntryInterface.php +++ b/Acl/Model/FieldEntryInterface.php @@ -24,4 +24,4 @@ interface FieldEntryInterface extends EntryInterface * @return string */ function getField(); -}
\ No newline at end of file +} diff --git a/Acl/Model/MutableAclInterface.php b/Acl/Model/MutableAclInterface.php index 9a64709..54a3f8e 100644 --- a/Acl/Model/MutableAclInterface.php +++ b/Acl/Model/MutableAclInterface.php @@ -169,4 +169,4 @@ interface MutableAclInterface extends AclInterface * @return void */ function updateObjectFieldAce($index, $field, $mask, $strategy = null); -}
\ No newline at end of file +} diff --git a/Acl/Model/MutableAclProviderInterface.php b/Acl/Model/MutableAclProviderInterface.php index eab1dda..c04eb31 100644 --- a/Acl/Model/MutableAclProviderInterface.php +++ b/Acl/Model/MutableAclProviderInterface.php @@ -49,4 +49,4 @@ interface MutableAclProviderInterface extends AclProviderInterface * @return void */ function updateAcl(MutableAclInterface $acl); -}
\ No newline at end of file +} diff --git a/Acl/Model/ObjectIdentityInterface.php b/Acl/Model/ObjectIdentityInterface.php index d4621c1..7e892bf 100644 --- a/Acl/Model/ObjectIdentityInterface.php +++ b/Acl/Model/ObjectIdentityInterface.php @@ -46,4 +46,4 @@ interface ObjectIdentityInterface * @return string cannot return null */ function getType(); -}
\ No newline at end of file +} diff --git a/Acl/Model/ObjectIdentityRetrievalStrategyInterface.php b/Acl/Model/ObjectIdentityRetrievalStrategyInterface.php index df7a1a9..e53c3da 100644 --- a/Acl/Model/ObjectIdentityRetrievalStrategyInterface.php +++ b/Acl/Model/ObjectIdentityRetrievalStrategyInterface.php @@ -25,4 +25,4 @@ interface ObjectIdentityRetrievalStrategyInterface * @return ObjectIdentityInterface */ function getObjectIdentity($domainObject); -}
\ No newline at end of file +} diff --git a/Acl/Model/PermissionGrantingStrategyInterface.php b/Acl/Model/PermissionGrantingStrategyInterface.php index 882eb08..7afdfac 100644 --- a/Acl/Model/PermissionGrantingStrategyInterface.php +++ b/Acl/Model/PermissionGrantingStrategyInterface.php @@ -22,9 +22,9 @@ interface PermissionGrantingStrategyInterface * Determines whether access to a domain object is to be granted * * @param AclInterface $acl - * @param array $masks - * @param array $sids - * @param Boolean $administrativeMode + * @param array $masks + * @param array $sids + * @param Boolean $administrativeMode * @return Boolean */ function isGranted(AclInterface $acl, array $masks, array $sids, $administrativeMode = false); @@ -41,4 +41,4 @@ interface PermissionGrantingStrategyInterface * @return Boolean */ function isFieldGranted(AclInterface $acl, $field, array $masks, array $sids, $administrativeMode = false); -}
\ No newline at end of file +} diff --git a/Acl/Model/SecurityIdentityInterface.php b/Acl/Model/SecurityIdentityInterface.php index 778bbbf..1833630 100644 --- a/Acl/Model/SecurityIdentityInterface.php +++ b/Acl/Model/SecurityIdentityInterface.php @@ -28,4 +28,4 @@ interface SecurityIdentityInterface * @return void */ function equals(SecurityIdentityInterface $identity); -}
\ No newline at end of file +} diff --git a/Acl/Model/SecurityIdentityRetrievalStrategyInterface.php b/Acl/Model/SecurityIdentityRetrievalStrategyInterface.php index 3353be4..3bbbaa4 100644 --- a/Acl/Model/SecurityIdentityRetrievalStrategyInterface.php +++ b/Acl/Model/SecurityIdentityRetrievalStrategyInterface.php @@ -31,4 +31,4 @@ interface SecurityIdentityRetrievalStrategyInterface * @return array of SecurityIdentityInterface implementations */ function getSecurityIdentities(TokenInterface $token); -}
\ No newline at end of file +} diff --git a/Acl/Permission/BasicPermissionMap.php b/Acl/Permission/BasicPermissionMap.php index 18006ff..b2bcf65 100644 --- a/Acl/Permission/BasicPermissionMap.php +++ b/Acl/Permission/BasicPermissionMap.php @@ -84,10 +84,10 @@ class BasicPermissionMap implements PermissionMapInterface /** * {@inheritDoc} */ - public function getMasks($permission) + public function getMasks($permission, $object) { if (!isset($this->map[$permission])) { - throw new \InvalidArgumentException(sprintf('The permission "%s" is not supported by this implementation.', $permission)); + return null; } return $this->map[$permission]; @@ -100,4 +100,4 @@ class BasicPermissionMap implements PermissionMapInterface { return isset($this->map[$permission]); } -}
\ No newline at end of file +} diff --git a/Acl/Permission/MaskBuilder.php b/Acl/Permission/MaskBuilder.php index 9965228..f7a6a3a 100644 --- a/Acl/Permission/MaskBuilder.php +++ b/Acl/Permission/MaskBuilder.php @@ -92,7 +92,7 @@ class MaskBuilder */ public function add($mask) { - if (is_string($mask) && defined($name = 'self::MASK_'.strtoupper($mask))) { + if (is_string($mask) && defined($name = 'static::MASK_'.strtoupper($mask))) { $mask = constant($name); } else if (!is_int($mask)) { throw new \InvalidArgumentException('$mask must be an integer.'); @@ -145,7 +145,7 @@ class MaskBuilder */ public function remove($mask) { - if (is_string($mask) && defined($name = 'self::MASK_'.strtoupper($mask))) { + if (is_string($mask) && defined($name = 'static::MASK_'.strtoupper($mask))) { $mask = constant($name); } else if (!is_int($mask)) { throw new \InvalidArgumentException('$mask must be an integer.'); @@ -176,7 +176,7 @@ class MaskBuilder * @throws \RuntimeException * @return string */ - public static function getCode($mask) + static public function getCode($mask) { if (!is_int($mask)) { throw new \InvalidArgumentException('$mask must be an integer.'); @@ -189,7 +189,7 @@ class MaskBuilder } if ($mask === $cMask) { - if (!defined($cName = 'self::CODE_'.substr($name, 5))) { + if (!defined($cName = 'static::CODE_'.substr($name, 5))) { throw new \RuntimeException('There was no code defined for this mask.'); } @@ -199,4 +199,4 @@ class MaskBuilder throw new \InvalidArgumentException(sprintf('The mask "%d" is not supported.', $mask)); } -}
\ No newline at end of file +} diff --git a/Acl/Permission/PermissionMapInterface.php b/Acl/Permission/PermissionMapInterface.php index bc4ca08..c2e49d5 100644 --- a/Acl/Permission/PermissionMapInterface.php +++ b/Acl/Permission/PermissionMapInterface.php @@ -25,9 +25,10 @@ interface PermissionMapInterface * these bitmasks. * * @param string $permission - * @return array + * @param object $object + * @return array may return null if permission/object combination is not supported */ - function getMasks($permission); + function getMasks($permission, $object); /** * Whether this map contains the given permission @@ -36,4 +37,4 @@ interface PermissionMapInterface * @return Boolean */ function contains($permission); -}
\ No newline at end of file +} diff --git a/Acl/Resources/bin/generateSql.php b/Acl/Resources/bin/generateSql.php index 68094eb..dc247d4 100644 --- a/Acl/Resources/bin/generateSql.php +++ b/Acl/Resources/bin/generateSql.php @@ -1,5 +1,14 @@ <?php +/* + * This file is part of the Symfony framework. + * + * (c) Fabien Potencier <fabien@symfony.com> + * + * This source file is subject to the MIT license that is bundled + * with this source code in the file LICENSE. + */ + require_once __DIR__.'/../../../../ClassLoader/UniversalClassLoader.php'; use Symfony\Component\ClassLoader\UniversalClassLoader; @@ -30,7 +39,7 @@ $finder = new Finder(); $finder->name('*Platform.php')->in(dirname($reflection->getFileName())); foreach ($finder as $file) { require_once $file->getPathName(); - $className = 'Doctrine\\DBAL\\Platforms\\' . $file->getBasename('.php'); + $className = 'Doctrine\\DBAL\\Platforms\\'.$file->getBasename('.php'); $reflection = new ReflectionClass($className); if ($reflection->isAbstract()) { diff --git a/Acl/Voter/AclVoter.php b/Acl/Voter/AclVoter.php index 140628c..574b5c2 100644 --- a/Acl/Voter/AclVoter.php +++ b/Acl/Voter/AclVoter.php @@ -57,36 +57,29 @@ class AclVoter implements VoterInterface public function vote(TokenInterface $token, $object, array $attributes) { - $firstCall = true; foreach ($attributes as $attribute) { - if (!$this->supportsAttribute($attribute)) { + if (null === $masks = $this->permissionMap->getMasks($attribute, $object)) { continue; } - if ($firstCall) { - $firstCall = false; - - if (null === $object) { - if (null !== $this->logger) { - $this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain')); - } - - return $this->allowIfObjectIdentityUnavailable ? self::ACCESS_GRANTED : self::ACCESS_ABSTAIN; - } else if ($object instanceof FieldVote) { - $field = $object->getField(); - $object = $object->getDomainObject(); - } else { - $field = null; + if (null === $object) { + if (null !== $this->logger) { + $this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain')); } - if ($object instanceof ObjectIdentityInterface) { - $oid = $object; - } else if (null === $oid = $this->objectIdentityRetrievalStrategy->getObjectIdentity($object)) { - if (null !== $this->logger) { - $this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain')); - } + return $this->allowIfObjectIdentityUnavailable ? self::ACCESS_GRANTED : self::ACCESS_ABSTAIN; + } else if ($object instanceof FieldVote) { + $field = $object->getField(); + $object = $object->getDomainObject(); + } else { + $field = null; + } - return $this->allowIfObjectIdentityUnavailable ? self::ACCESS_GRANTED : self::ACCESS_ABSTAIN; + if ($object instanceof ObjectIdentityInterface) { + $oid = $object; + } else if (null === $oid = $this->objectIdentityRetrievalStrategy->getObjectIdentity($object)) { + if (null !== $this->logger) { + $this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain')); } if (!$this->supportsClass($oid->getType())) { @@ -95,25 +88,20 @@ class AclVoter implements VoterInterface $sids = $this->securityIdentityRetrievalStrategy->getSecurityIdentities($token); - try { - $acl = $this->aclProvider->findAcl($oid, $sids); - } catch (AclNotFoundException $noAcl) { - if (null !== $this->logger) { - $this->logger->debug('No ACL found for the object identity. Voting to deny access.'); - } - - return self::ACCESS_DENIED; - } + return $this->allowIfObjectIdentityUnavailable ? self::ACCESS_GRANTED : self::ACCESS_ABSTAIN; } + $sids = $this->securityIdentityRetrievalStrategy->getSecurityIdentities($token); try { - if (null === $field && $acl->isGranted($this->permissionMap->getMasks($attribute), $sids, false)) { + $acl = $this->aclProvider->findAcl($oid, $sids); + + if (null === $field && $acl->isGranted($masks, $sids, false)) { if (null !== $this->logger) { $this->logger->debug('ACL found, permission granted. Voting to grant access'); } return self::ACCESS_GRANTED; - } else if (null !== $field && $acl->isFieldGranted($field, $this->permissionMap->getMasks($attribute), $sids, false)) { + } else if (null !== $field && $acl->isFieldGranted($field, $masks, $sids, false)) { if (null !== $this->logger) { $this->logger->debug('ACL found, permission granted. Voting to grant access'); } @@ -126,6 +114,12 @@ class AclVoter implements VoterInterface } return self::ACCESS_DENIED; + } catch (AclNotFoundException $noAcl) { + if (null !== $this->logger) { + $this->logger->debug('No ACL found for the object identity. Voting to deny access.'); + } + + return self::ACCESS_DENIED; } catch (NoAceFoundException $noAce) { if (null !== $this->logger) { $this->logger->debug('ACL found, no ACE applicable. Voting to deny access.'); diff --git a/Acl/Voter/FieldVote.php b/Acl/Voter/FieldVote.php index 01f0c20..8782f76 100644 --- a/Acl/Voter/FieldVote.php +++ b/Acl/Voter/FieldVote.php @@ -37,4 +37,4 @@ class FieldVote { return $this->field; } -}
\ No newline at end of file +} |